π΅οΈββοΈ Security Audit #114
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| paths: | |
| - '.github/workflows/security_audit.yml' # Run when this workflow changes | |
| - '**/Cargo.toml' # Run when dependencies change | |
| - '**/Cargo.lock' # Run when dependencies change | |
| pull_request: | |
| branches: [main] | |
| schedule: | |
| - cron: '0 0 * * *' # Run periodically to capture recent developments | |
| workflow_dispatch: # Run when manually triggered | |
| workflow_call: # Run when called by another workflow | |
| name: π΅οΈββοΈ Security Audit Workflow | |
| jobs: | |
| audit_job: | |
| name: π΅οΈββοΈ Security Audit Job | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| platform: | |
| - linux | |
| - windows | |
| - apple | |
| cpu_architecture: | |
| # - i686 | |
| - x86_64 | |
| # - aarch64 | |
| # - riscv64gc | |
| include: | |
| - platform: linux | |
| cicd_runner: ubuntu_latest | |
| - platform: windows | |
| cicd_runner: windows-latest | |
| - platform: apple | |
| cicd_runner: macos-latest | |
| - compilation_target: x86_64-unknown-linux-gnu | |
| cpu_architecture: x86_64 | |
| platform: linux | |
| toolchain: gnu | |
| # - compilation_target: x86_64-unknown-linux-musl | |
| # cpu_architecture: x86_64 | |
| # platform: linux | |
| # toolchain: musl | |
| - compilation_target: x86_64-pc-windows-msvc | |
| cpu_architecture: x86_64 | |
| platform: windows | |
| toolchain: msvc | |
| # - compilation_target: x86_64-pc-windows-gnu | |
| # cpu_architecture: x86_64 | |
| # platform: windows | |
| # toolchain: gnu | |
| - compilation_target: x86_64-apple-darwin | |
| cpu_architecture: x86_64 | |
| platform: apple | |
| toolchain: darwin | |
| # - compilation_target: aarch64-unknown-linux-gnu | |
| # cpu_architecture: aarch64 | |
| # platform: linux | |
| # toolchain: gnu | |
| # - compilation_target: aarch64-unknown-linux-musl | |
| # cpu_architecture: aarch64 | |
| # platform: linux | |
| # toolchain: musl | |
| # - compilation_target: aarch64-pc-windows-msvc | |
| # cpu_architecture: aarch64 | |
| # platform: windows | |
| # toolchain: msvc | |
| # - compilation_target: aarch64-apple-darwin | |
| # cpu_architecture: aarch64 | |
| # platform: apple | |
| # toolchain: darwin | |
| # - compilation_target: riscv64gc-unknown-linux-gnu | |
| # cpu_architecture: riscv64gc | |
| # platform: linux | |
| # toolchain: gnu | |
| permissions: | |
| contents: read | |
| issues: write | |
| runs-on: ${{ matrix.cicd_runner }} | |
| steps: | |
| - name: π Checkout Git Repository Step | |
| id: repository_checkout_step | |
| uses: actions/checkout@v4 | |
| - name: π Setup Python Step | |
| id: python_setup_step | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| - name: βοΈ Install dependencies | |
| id: dependencies_install_step | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install requests | |
| - name: π΅οΈββοΈ Security Audit Step | |
| id: audit_step | |
| uses: actions-rust-lang/audit@v1 | |
| - name: π Setup Cache | |
| id: cache_setup_step | |
| uses: Swatinem/rust-cache@v2 |